On 1/16/07, Costa Basil <[EMAIL PROTECTED]> wrote:
Today, I added some code for calling bean methods from Ajax via Shale remoting and to my wonder I discovered the mechanisms for executing bean calls are enabled by default. I don't think this is right. I think they should be disabled by default, and they should be enabled once the configuration settings are added to the web.xml.

When I added Shale core and Shale remoting to my project I didn't have time to read the remoting documentation (I didn't have to use it at that time) and I didn't think Shale would provide ways to poke server code by default. Is there anything else that I should be aware of?

Anyway, I want to enable access only to one bean. I used the DYNAMIC_RESOURCES_INCLUDES directive, but this doesn't make any difference. I didn't understand from the documentation how Shale processes the DYNAMIC_RESOURCES_INCLUDES and DYNAMIC_RESOURCES_EXCLUDES parameters and I didn't have time to read the code. Can someone explain this? The other way would be to use the default web app security settings.

The 1.0.3 release did not support the restriction init parameters like DYNAMIC_RESOURCES_INCLUDES, but the upcoming 1.0.4 release (currently being voted on) does support them.

Thanks

Craig